[Dovecot] trying to combine static userdb with LDAP passdb with per-user userdb_mail and userdb_home
Igor Zinovik
zinovik.igor at gmail.com
Mon Apr 11 13:45:49 EEST 2011
Hello, dovecot users.
I'm trying to cope with following problem I have single computer which
will be going to be final destination for several virtual domains.
Domains are stored in LDAP catalog. Dovecot will be working together
with Postfix MTA running on same computer.
I'm a bit confused how to achieve following thing: I want Postfix to use
Dovecot LMTP server for mail delivery. All my mail is located under
/var/vmail partition. I designed my own ldap schema and according to
dovecot documentation that user should always has home and mail directory
i added separate attributes for user home and mail. My typical user
that is stored in LDAP has homeDirectory (which stores value like
/var/vmail/domain.com/j/joe) and mailMessageStore (which stores value
like /var/vmail/domain.com/j/joe/Maildir). All data under /var/vmail is
owned by Postfix MTA user (which is called `postfix', uid=89). After
reading dovecot documentation I understand that my setup needs to
combine static userdb with LDAP passdb. But i also want dovecot to be
able to deliver mail for local system users (that are stored in
/etc/passwd). For system users i want to store their mail in
$HOME/Mail. So i set mail_location = ~/Mail (which turns into
/home/user/Mail), but for virtual (which are stored in LDAP) users i
want to set mail (or maybe i should write here userdb_mail) to LDAP
value mailMessageStore. Seems to me that LMTP server needs separate
userdb query to fetch mail_location from LDAP.
Setting mail_location = /var/vmail/%d/%n1/%u solves my problem, but I
want dovecot to dynamically fetch maildir location from LDAP. Maybe in
near future I would also store mail somewhere else not only under
/var/vmail. And dovecot will fetch this information from LDAP.
Here is excerpt from dovecot log when user tries to login:
Apr 11 13:32:29 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Apr 11 13:32:29 auth: Debug: auth client connected (pid=14748)
Apr 11 13:32:29 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=172.20.21.26 rip=172.20.20.216 lport=143 rport=1227 resp=<hidden>
Apr 11 13:32:29 auth: Debug: ldap(joe at domain.com,172.20.20.216): pass search: base=pdomain=domain.com,ou=mail,dc=org,dc=ru scope=onelevel filter=(&(objectClass=mailAccount)(uid=joe)(accountStatus=TRUE)) fields=mail,userPassword,mailQuota,homeDirectory,mailMessageStore
Apr 11 13:32:29 auth: Debug: ldap(joe at domain.com,172.20.20.216): result: mail(user)=joe at domain.com mailQuota(userdb_quota_rule=*:bytes=%$)=1073741824 mailMessageStore(userdb_mail)=/var/vmail/domain.com/p/joe/Maildir homeDirectory(userdb_home)=/var/vmail/domain.com/p/joe userPassword(password)=<hidden>
Apr 11 13:32:29 auth: Debug: client out: OK 1 user=joe at domain.com
Apr 11 13:32:29 auth: Debug: master in: REQUEST 2814377985 14748 1 5e00190b4fbfd1a4b8a50e13fa6562b1
Apr 11 13:32:29 auth: Debug: master out: USER 2814377985 joe at domain.com uid=89 gid=89
Apr 11 13:32:29 imap-login: Info: Login: user=<joe at domain.com>, method=PLAIN, rip=172.20.20.216, lip=172.20.21.26, mpid=14750
Apr 11 13:32:29 imap: Debug: Loading modules from directory: /usr/lib64/dovecot
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_trash_plugin.so
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_autocreate_plugin.so
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so
Apr 11 13:32:29 imap(joe at domain.com): Debug: Effective uid=89, gid=89, home=
Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota root: name=User quota backend=maildir args=
Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0
Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota warning: bytes=1020054732 (95%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 95 joe at domain.com domain.com
Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota warning: bytes=966367641 (90%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 90 joe at domain.com domain.com
Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota warning: bytes=858993459 (80%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 80 joe at domain.com domain.com
Apr 11 13:32:29 imap(joe at domain.com): Error: user joe at domain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Mail
Apr 11 13:32:29 imap(joe at domain.com): Error: Invalid user settings. Refer to server log for more information.
Here is my ldap query:
pass_filter = (&(objectClass=mailAccount)(uid=%n)(accountStatus=TRUE))
# ldap_attr = dovecot_variable
pass_attrs = mail=user, userPassword=password, mailQuota=userdb_quota_rule=*:bytes=%$,\
homeDirectory=userdb_home, mailMessageStore=userdb_mail
What is the best way to do in my situation? Should i just add two
attributes to each LDAP user like mailuid and mailgid and set both these
variables to `postfix'. Or maybe i should just forget about mail for
local system users and just user `prefetch' userdb. I'm just mazed
about dovecot userdb and passdb queries. It so powerful but also so
hard to understand.
I would appreciate any help, since I peck dovecot authentication and
userdb-passdb queries like woodpecker starting from last week.
Do I understand right that dovecot during userdb fetches Unix UID which
will be used to access data on disk? I just want postfix (uid=89) to
allow to do this.
Here is `dovecot -n' output:
# 2.0.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-238.1.1.1.el5 x86_64 CentOS release 5.5 (Final)
auth_debug = yes
auth_failure_delay = 3 secs
auth_mechanisms = plain login
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
last_valid_gid = 89
last_valid_uid = 89
listen = *
log_path = /var/log/dovecot
login_greeting = Dovecot ready to serve.
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Mail
mail_nfs_index = yes
mail_nfs_storage = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags
mmap_disable = yes
passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
plugin/autocreate = &BBoEPgRABDcEOAQ9BDA-
plugin/autocreate2 = &BCEEPwQwBDw-
plugin/autosubscribe = &BBoEPgRABDcEOAQ9BDA-
plugin/autosubscribe2 = &BCEEPwQwBDw-
plugin/expire = &BBoEPgRABDcEOAQ9BDA- 7 &BCEEPwQwBDw- 30
plugin/login_executable = /usr/libexec/dovecot/managesieve-login
plugin/mail_executable = /usr/libexec/dovecot/managesieve
plugin/quota = maildir:User quota
plugin/quota_rule = *:storage=1GB
plugin/quota_warning = storage=95%% /usr/libexec/dovecot/quota-warning.sh 95 %u %d
plugin/quota_warning2 = storage=90%% /usr/libexec/dovecot/quota-warning.sh 90 %u %d
plugin/quota_warning3 = storage=80%% /usr/libexec/dovecot/quota-warning.sh 80 %u %d
plugin/sieve_dir = /var/vmail/%d/%1n/%n/.dovecot.sieve
plugin/sieve_extensions = +imapflags
plugin/sieve_storage = /var/vmail/%d/%1n/%n/sieve
protocols = pop3 imap lmtp sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
executable = /usr/libexec/dovecot/imap-login
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
service_count = 1
}
service imap {
executable = /usr/libexec/dovecot/imap
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
}
}
service managesieve-login {
executable = /usr/libexec/dovecot/managesieve-login
inet_listener sieve {
port = 4190
}
service_count = 1
}
service managesieve {
executable = /usr/libexec/dovecot/managesieve
}
service pop3-login {
executable = /usr/libexec/dovecot/pop3-login
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
service_count = 1
}
service pop3 {
executable = /usr/libexec/dovecot/pop3
}
service quota-warning {
executable = script /usr/libexec/dovecot/quota-warning.sh
user = dovecot
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
args = uid=postfix gid=postfix
driver = static
}
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
mail_plugin_dir = /usr/lib64/dovecot
mail_plugins = autocreate expire quota imap_quota trash
}
protocol pop3 {
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_lock_session = yes
pop3_uidl_format = %08Xu%08Xv
}
protocol lmtp {
info_log_path = /var/log/dovecot-lmtp-info.log
log_path = /var/log/dovecot-lmtp.log
mail_plugins = quota sieve
}
Here is my typical LDAP user:
dn: uid=joe,pdomain=domain.com,ou=mail,dc=org,dc=ru
objectClass: top
objectClass: uidObject
objectClass: mailAccount
accountStatus: TRUE
mail: joe at domain.com
mailQuota: 1073741824
mailMessageStore: /var/vmail/domain.com/j/joe/Maildir
mailOwnerFirstName: Joe
mailOwnerLastName: User
registerPersonFirstName: Joe
registerPersonLastName: User
registerDate: 1301665769
homeDirectory: /var/vmail/domain.com/j/joe
uid: joe
userPassword: {SSHA}FvxQwgDycssHhfoMTtkzogZ0Nh43PpHL
More information about the dovecot
mailing list